首先，我必须同意@fencepost的回答。然而，我忍不住发布了一个解决方案，所以我们来了！

function __intercept_private_page( $posts, &$wp_query )
{
    // remove filter now, so that on subsequent post querying we don\'t get involved!
    remove_filter( \'the_posts\', \'__intercept_private_page\', 5, 2 );

    if ( !( $wp_query->is_page && empty($posts) ) )
        return $posts; // bail, not page with no results

    // if you want to explicitly check it *is* private, use the code block below:   
    /*
        if ( !empty( $wp_query->query[\'page_id\'] ) )
            $page = get_page( $wp_query->query[\'page_id\'] );
        else
            $page = get_page_by_path( $wp_query->query[\'pagename\'] );

        if ( $page && $page->post_status == \'private\' ) {
            // redirect
        }
    */

    // otherwise assume that if the request was for a page, and no page was found, it was private
    wp_redirect( home_url(), 301 );
    exit;
}
is_admin() || add_filter( \'the_posts\', \'__intercept_private_page\', 5, 2 );

在我看来，你不应该返回404或301-你应该返回401（未经授权/需要身份验证，但你不会接受提供的任何身份验证）或403（被拒绝，也就是我知道你要什么，你不能得到它）。

有一个废弃的插件Private Page Forbidden 这可能值得一看以寻求指导，尽管乍一看，它似乎想将404转换为403，这似乎是个坏主意。不幸的是，虽然有各种各样的选项讨论（参见https://core.trac.wordpress.org/ticket/10551 和相关的）修复的里程碑已逐渐移到“未来版本”